J-Security Center

Latest Attack Object Updates
  • IDP Daily Update #1545
    posted: 11/19/09
  • NSM Daily Update #1545
    posted: 11/19/09
  • Deep Inspection 5.3r5 and above, 5.4, 6.0 #1545
    posted: 11/19/09
  • Deep Inspection 5.1 and 5.2 #1435
    posted: 11/19/09
  • Deep Inspection 5.0, 5.3r4 and below #1132
    posted: 03/28/08 (04/01/08 for 5.0)
  • Antivirus
    posted: 11/19/09

Title: All-Mail Buffer Overflow Vulnerability

Severity: HIGH

Description:

All-mail is an smtp server for Windows NT and 2000 platforms offered by Nevis Systems. It is vulnerable to remotely exploitable buffer overflow attacks that may lead to an attacker gaining control of the victim host.

The condition is known to occur in at least two places. The values supplied by the user that argument the "mail from" and "rcpt to" smtp commands are stored in buffers of predefined length. It is not verified that the amount data is within the predefined size limits before it is copied onto the stack during function calls. Consequently it is possible for users to overwrite stack variables (with the excessive data..) such as the calling function's return address with arbitrary values that can alter the program's flow of execution.

If exploited, the user can at the very least cause the smtp server to crash. More advanced attacks can result in arbitrary code execution on the victim host.

Affected Products:

  • Nevis Systems All-Mail 1.1.0

References:

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.